<?php
// add new user directly from admin

define('IN_PHPBB', 1);

if( !empty($setmodules) )
{
	$filename = basename(__FILE__);
	$module['Users']['Add User'] = $filename;

	return;
}

$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
require($phpbb_root_path . 'includes/functions_post.'.$phpEx);
require($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
require($phpbb_root_path . 'includes/functions_validate.'.$phpEx);

$html_entities_match = array('#<#', '#>#');
$html_entities_replace = array('&lt;', '&gt;');

function userExists($pName) {
	global $db;

	// Remove doubled up spaces
	$pName = preg_replace('#\s+#', ' ', trim($pName)); 
	$pName = phpbb_clean_username($pName);
	
	$sql = "SELECT username 
		FROM " . USERS_TABLE . " 
		WHERE LOWER(username) = '" . strtolower($pName) . "'";
	if ($result = $db->sql_query($sql))
	{
		if ($row = $db->sql_fetchrow($result))
		{
			if ($row['username'] == $pName)
			{
				$db->sql_freeresult($result);
        return true;
			}
		}
	}
	$db->sql_freeresult($result);
  return false;
}

function getDefaultConfig($pKey) {
	global $db;

	$sql = "SELECT config_value
		FROM " . CONFIG_TABLE . "
		WHERE config_name = '$pKey'";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not access default config value for $pKey');
	}
  if ($row = $db->sql_fetchrow($result)) {
    return $row['config_value'];
  } else {
		message_die(GENERAL_ERROR, 'Could not access default config value for $pKey');
    return null;
  }
}

function getDefaultDateFormat() {
	$theValue = getDefaultConfig("default_dateformat");
  if (isset($theValue))
  {
    return $theValue;
  }
  else
  {
		message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql);
    return "Y-m-d";
  }
}

function getBoardTimezone() {
	$theValue = getDefaultConfig("board_timezone");
  if (isset($theValue))
  {
    return doubleval($theValue);
  }
  else
  {
		message_die(GENERAL_ERROR, 'Could not select board timezone', '', __LINE__, __FILE__, $sql);
    return -8;
  }
}

function getNextUserId() {
	global $db;

  $sql = "SELECT MAX(user_id) AS total
    FROM " . USERS_TABLE;
  if ( !($result = $db->sql_query($sql)) )
  {
    message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
  }

  if ( !($row = $db->sql_fetchrow($result)) )
  {
    message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
  }
  $user_id = $row['total'] + 1;
  
  return $user_id;
}

function addUser($pName, $pPassword) {
	global $db;

  $theUserId = getNextUserId();
  $thePassword = md5($pPassword);
  $theRegDate = time();
  $theTimezone = getBoardTimezone();
  $theDateFormat = getDefaultDateFormat();
  
  $sql = "INSERT INTO " . USERS_TABLE . "	(user_id, user_active, username, user_password, user_regdate, user_level, user_timezone, user_style, user_lang, user_dateformat) VALUES ($theUserId, 1, '$pName', '$thePassword', $theRegDate, 0, $theTimezone, 1, 'english', '$theDateFormat')";

  if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
  {
    message_die(GENERAL_ERROR, 'add new user failed', '', __LINE__, __FILE__, $sql);
  }

  $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
    VALUES ('', 'Personal User', 1, 0)";
  if ( !($result = $db->sql_query($sql)) )
  {
    message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
  }

  $group_id = $db->sql_nextid();

  $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
    VALUES ($theUserId, $group_id, 0)";
  if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
  {
    message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
  }
}

//
// Set mode
//
if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
{
	$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
	$mode = htmlspecialchars($mode);
}
else
{
	$mode = '';
}

//
// Begin program
//
$theUsername = "";
$thePassword = "";

if (isset($HTTP_POST_VARS['username'])) {
  $theUsername = $HTTP_POST_VARS['username'];
}

if (isset($HTTP_POST_VARS['password'])) {
  $thePassword = $HTTP_POST_VARS['password'];
}

if ( ($mode == 'add') && ($theUsername != "") && ($thePassword != "") )
{
	//
	// add user now
	//

	//
	// see if the user already exists
	//
  if (userExists($theUsername)) {
    message_die(GENERAL_ERROR, "username already exists in database");
  }
  
  //
  // insert entry in DB
  //
  addUser($theUsername, $thePassword);
  
  //
  // finishing message
  //
  $message .= "user added successfully";
  $message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

  message_die(GENERAL_MESSAGE, $message);
}
else
{
// quick and dirty direct html
?>
<h1>Add a new user</h1>
<p>User details may be edited from Management</p>
<p>Both username and password must be specified</p>
<form method="post" name="post" action="<? echo append_sid("admin_user_new.$phpEx"); ?>">
  <table>
    <tr><td>username:</td><td><input class="post" type="text" name="username" size="35" maxlength="40" /></td></tr>
    <tr><td>password:</td><td><input class="post" type="text" name="password" size="35" maxlength="32"/></td></tr>
    <tr><td>&nbsp;</td><td><input type="submit" name="submit" value="add user" class="mainoption" /></td></tr>  
  </table>
  <input type="hidden" name="mode" value="add" />
</form>
<?
}

include('./page_footer_admin.'.$phpEx);

?>